Some of our remote users who are using L2TP to connect to our WatchGuard M440 are having some issues. The VPN connects just fine, but every time the VPN connects, a *Session entry is getting added to Credential Manager in Windows.

Our users' AD and VPN usernames are the same. When this *Session gets added to Credential Manager after the VPN connects, it has the same username. The issue is that when anyone tries to open email or access network shares, it is using this *Session in Credential Manager to authenticate to AD-related items, like email and shares.

Right now I have made a .bat file that removes the *Session from Credential Manager. So right after someone connects to the VPN they have to run the .bat file, then they can work.

What do I need to do so this *Session stops getting added to Credential Manager every time the VPN is connected?
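For anyone who needs the same stopgap while the authentication setup is being fixed, here is an added PowerShell version of the cleanup script described above (this is example code, not the poster's .bat file). It parses `cmdkey /list`, finds the stored credential whose target name is `*Session`, and deletes only that entry with `cmdkey /delete`, leaving every other saved credential alone. The target name `*Session` and the `Domain:target=` / `LegacyGeneric:target=` prefixes that `cmdkey /list` prints are assumptions based on the post and on common `cmdkey` output; check `cmdkey /list` on an affected machine first.

```powershell
# Added example: remove the stray "*Session" credential that the L2TP connection
# leaves in Windows Credential Manager, so that email and network shares stop
# authenticating with it. Must run as the logged-on user, because the credential
# store is per user. Assumes the target name is literally "*Session".
param([string]$TargetName = '*Session')

function Get-CmdkeyTargets {
    # Return the target names listed by "cmdkey /list". The output looks like
    #     Target: Domain:target=SOMETHING
    # so the optional "<type>:target=" prefix is stripped, leaving the name that
    # "cmdkey /delete:<name>" expects.
    $lines = & cmdkey.exe /list
    foreach ($line in $lines) {
        if ($line -match '^\s*Target:\s*(?:\w+:target=)?(.+?)\s*$') {
            $Matches[1]
        }
    }
}

# Exact string comparison (-eq), not a wildcard match, so "*Session" is treated
# literally and no other stored credential can be selected by accident.
$found = @(Get-CmdkeyTargets | Where-Object { $_ -eq $TargetName })

if ($found.Count -eq 0) {
    Write-Host "No '$TargetName' credential found; nothing to remove."
    exit 0
}

foreach ($target in $found) {
    Write-Host "Removing stored credential '$target'"
    & cmdkey.exe /delete:$target
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "cmdkey returned exit code $LASTEXITCODE while deleting '$target'"
    }
}
```

Two caveats: `cmdkey /list` prints localized labels on non-English Windows, so the `Target:` pattern may need adjusting there, and this only removes the symptom after each connection. The reply below addresses the cause, which is that the VPN is authenticating against a separate account database with the same usernames as AD.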

1 Reply

It sounds like Firebox-DB authentication is in use for the L2TP VPN, but with the same usernames in Firebox-DB as in Active Directory. Another option is to set up NPS to allow RADIUS authentication to the L2TP VPN using the AD credentials. That would allow the users to log in to the VPN with their AD credentials without having to duplicate the accounts in Firebox-DB. A KB article is available with directions for setting up NPS for mobile VPN user authentication: https://watchguardsupport.secure.force.com/publicKB?type=Article&SFDCID=kA10H000000g3AOSAY&l...